Lucene search

[email protected]CVE-2020-1856

HistoryFeb 17, 2020 - 9:15 p.m.

CVE-2020-1856

2020-02-1721:15:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2020-1856

huawei

ngfw

nip6300

nip6600

secospace

usg6500

usg6600

usg9500

v500r001c30

v500r001c60

v500r005c00

information leakage

vulnerability

exploit

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

53.7%

JSON

Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600, and USG9500 versions V500R001C30, V500R001C60, and V500R005C00 have an information leakage vulnerability. An attacker can exploit this vulnerability by sending specific request packets to affected devices. Successful exploit may lead to information leakage.

CPENameOperatorVersion
huawei:ngfw_module_firmwarehuawei ngfw module firmwareeqv500r001c30
huawei:ngfw_module_firmwarehuawei ngfw module firmwareeqv500r001c60
huawei:ngfw_module_firmwarehuawei ngfw module firmwareeqv500r005c00
huawei:nip6300_firmwarehuawei nip6300 firmwareeqv500r001c30
huawei:nip6300_firmwarehuawei nip6300 firmwareeqv500r001c60
huawei:nip6300_firmwarehuawei nip6300 firmwareeqv500r005c00
huawei:nip6600_firmwarehuawei nip6600 firmwareeqv500r001c30
huawei:nip6600_firmwarehuawei nip6600 firmwareeqv500r001c60
huawei:nip6600_firmwarehuawei nip6600 firmwareeqv500r005c00
huawei:secospace_usg6500_firmwarehuawei secospace usg6500 firmwareeqv500r001c30

CPE	Name	Operator	Version
huawei:ngfw_module_firmware	huawei ngfw module firmware	eq	v500r001c30
huawei:ngfw_module_firmware	huawei ngfw module firmware	eq	v500r001c60
huawei:ngfw_module_firmware	huawei ngfw module firmware	eq	v500r005c00
huawei:nip6300_firmware	huawei nip6300 firmware	eq	v500r001c30
huawei:nip6300_firmware	huawei nip6300 firmware	eq	v500r001c60
huawei:nip6300_firmware	huawei nip6300 firmware	eq	v500r005c00
huawei:nip6600_firmware	huawei nip6600 firmware	eq	v500r001c30
huawei:nip6600_firmware	huawei nip6600 firmware	eq	v500r001c60
huawei:nip6600_firmware	huawei nip6600 firmware	eq	v500r005c00
huawei:secospace_usg6500_firmware	huawei secospace usg6500 firmware	eq	v500r001c30

Rows per page:

1-10 of 181

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20200205-01-firewall-en

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

53.7%

JSON

Related for CVE-2020-1856

prion1 huawei1 cvelist1